Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.1109/mobhoc.2009.5336922

2009-01-01

Abstract:Collaboration enables domains to share resources effectively; however it introduces several security and privacy challenges. To guarantee the secure interoperation in complex distributed environment, a RBAC based secure interoperation model was proposed. Based on the inherent characteristic of the RBAC system, a directed acyclic graph based detection method of security violation was investigated. We also classified the conflicts according to the feature of each four parts of NITS RBAC model: conflicts resulting from unrelated roles, conflicts that arise from related roles and conflicts due to separation of duty. The targeted detection method for different types of conflicts was illustrated systematically. Therefore corresponding detection method can be applied to different types of conflicts according to the actual application environment. Furthermore, we analyzed the algorithmic complexity of the method and demonstrated the application of the directed acyclic graph based detection method with case studies in realistic scenarios.

Tao Qin,Xiaohong Guan,Yi Long,Wei Li

DOI: https://doi.org/10.1109/icis.2009.104

2009-01-01

Abstract:Users' character analysis and control are important for enterprise network management and security. In this paper, we propose a novel method to classify the users' behaviors into different security levels and control their behaviors with corresponding strategies. Firstly, Dflow model and several traffic features, including the number of packets, number of flows, flow durations, etc., are proposed to capture the users' characters. They are obtained from different layers of the OSI communication model, such as the network layer and transport layer. Secondly, we define scores for users' behaviors according to their traffic patterns using a flexible method with adjustable weight factors, and different monitoring aims can be achieved by adjusting the weight factors. Based on the behavior score, the users' behaviors are classified into three security levels: low-dangerous, mid-dangerous and high-dangerous levels. Finally, the mid (high)-dangerous users' behaviors are controlled by a dynamic quarantine method based on the principle of "assume guilty before proven innocent". We quarantine a user whenever its behavior is classified into the mid (high)-dangerous levels by blocking its traffic. Then the quarantine is released after a short time, even if the users have not been inspected by security managers yet. In this way, we can remove the potential threats from the monitoring network without interfering the users' normal activities severely. The experimental results based on actual traffic data show that the methods proposed in this paper are simple, flexible and of high accuracy, which can be used for real-time enterprise network monitoring and management.

Xi Li,Xiaoning Zhu,Guoqiang Cai,Yuan Sun

2008-01-01

Abstract:This paper advanced the solution of Markov state transfer chain to analyze the system reliability. According to the conversion of mutual relations, the paper put forward a method to calculate the life expectancy of top events in Markov quantitative analysis. Afterwards the paper presented the failure mode, failure rate and life expectancy of the top events. Meanwhile, the paper presented the method to calculate probability of important bottom events to top events. Finally the research is verified in the analysis of a city rail traffic automatic train super-vision system.

Haidong Cui,Zheng Feng,Dongfang Ma

DOI: https://doi.org/10.1109/BESC48373.2019.8963258

2019-01-01

Abstract:In order to solve the problem that traditional user behavior trustworthiness assessment methods are too subjective and have poor dynamic adaptability when setting classification weight, in this paper, the traditional Analytic Hierarchy Process has been optimized and improved, a new trustworthiness evaluation model of user behavior based on improved AHP, rough set and game theory is proposed. This method combines user activity, reward and punishment factors to evaluate user behavior comprehensively, so that the evaluation results are more scientific and accurate. and demonstrates the feasibility of the method by an example. The results show that the evaluation model can adapt to the dynamic changes in user behavior trust, objectively determine the weight of each decision attribute, and can accurately and effectively assess the credibility of user behavior.

Chengyuan Mao,Lewen Bao,Shengde Yang,Wenjiao Xu,Qin Wang

DOI: https://doi.org/10.3390/su13105690

IF: 3.9

2021-01-01

Sustainability

Abstract:Pedestrian violations pose a danger to themselves and other road users. Most previous studies predict pedestrian violation behaviors based only on pedestrians' demographic characteristics. In practice, in addition to demographic characteristics, other factors may also impact pedestrian violation behaviors. Therefore, this study aims to predict pedestrian crossing violations based on pedestrian attributes, traffic conditions, road geometry, and environmental conditions. Data on the pedestrian crossing, both in compliance and in violation, were collected from 10 signalized intersections in the city of Jinhua, China. We propose an illegal pedestrian crossing behavior prediction approach that consists of a logistic regression model and a Markov Chain model. The former calculates the likelihood that the first pedestrian who decides to cross the intersection illegally within each signal cycle, while the latter computes the probability that the subsequent pedestrians who decides to follow the violation. The proposed approach was validated using data gathered from an additional signalized intersection in Jinhua city. The results show that the proposed approach has a robust ability in pedestrian violation behavior prediction. The findings can provide theoretical references for pedestrian signal timing, crossing facility optimization, and warning system design.

Yuxiang Shan,Qin Ren,Gang Yu,Tiantian Li,Bin Cao

DOI: https://doi.org/10.1108/ijwis-02-2023-0025

2023-07-05

International Journal of Web Information Systems

Abstract:Purpose Internet marketing underground industry users refer to people who use technology means to simulate a large number of real consumer behaviors to obtain marketing activities rewards illegally, which leads to increased cost of enterprises and reduced effect of marketing. Therefore, this paper aims to construct a user risk assessment model to identify potential underground industry users to protect the interests of real consumers and reduce the marketing costs of enterprises. Design/methodology/approach Method feature extraction is based on two aspects. The first aspect is based on traditional statistical characteristics, using density-based spatial clustering of applications with noise clustering method to obtain user-dense regions. According to the total number of users in the region, the corresponding risk level of the receiving address is assigned. So that high-quality address information can be extracted. The second aspect is based on the time period during which users participate in activities, using frequent item set mining to find multiple users with similar operations within the same time period. Extract the behavior flow chart according to the user participation, so that the model can mine the deep relationship between the participating behavior and the underground industry users. Findings Based on the real underground industry user data set, the features of the data set are extracted by the proposed method. The features are experimentally verified by different models such as random forest, fully-connected layer network, SVM and XGBOST, and the proposed method is comprehensively evaluated. Experimental results show that in the best case, our method can improve the F1-score of traditional models by 55.37%. Originality/value This paper investigates the relative importance of static information and dynamic behavior characteristics of users in predicting underground industry users, and whether the absence of features of these categories affects the prediction results. This investigation can go a long way in aiding further research on this subject and found the features which improved the accuracy of predicting underground industry users.

Yu-Rong Zeng,Lin Wang,Xian-Hao Xu,Yu-Rong ZENG,Lin WANG,Xian-Hao XU

DOI: https://doi.org/10.3846/20294913.2015.1072748

2015-11-02

Technological and Economic Development of Economy

Abstract:Enterprise Resource Planning (ERP) system is a vital investment that can significantly affect future competitiveness and performance of small- and medium-sized enterprises (SMEs). Selecting the best desirable ERP software covering both qualitative and quantitative factors has been the most critical problem for a long time. On the other hand, multiple criteria decision making has been found to be a useful approach to analyze conflicting factors. Qualitative criteria are often accompanied by ambiguities and vagueness. This makes fuzzy and grey logic become more natural approaches to handle this kind of problem. This paper presents a new approach for the selection of SME-specific ERP systems. Firstly, criteria for SMEs in China to evaluate the most suitable ERP system are put forward using group-discussing and anonymous questionnaire methods. An effective and practical algorithm, which is integrated of modified Delphi, analytic hierarchy process, fuzzy comprehensive evaluation and grey relational analysis, is utilized to convert the qualitative description to quantitative data to select the most appropriate alternative in the presence of vagueness and uncertainty. Finally, the potential use of the proposed model is illustrated through a case study.

economics

Qiongzan Ye,Yangbo Gao,Zhenhua Zhang,Yu Chen,Yupeng Li,Min Gao,Shutong Chen,Xin Wang,Yang Chen

DOI: https://doi.org/10.1109/ijcnn55064.2022.9892383

2022-01-01

Abstract:Online-to-Offline (O2O) e-commerce service platforms and their users are faced with various fraud risks. Among them, financial identity theft is a widely existing challenge. However, existing methods are insufficient to detect this type of fraud. In this paper, we address the financial identity theft detection problem in e-commerce services by leveraging access environment and behavior sequence. To explore the fraud patterns, we first make a detailed analysis using real cases of identity theft from Meituan, a leading O2O e-commerce platform in China. Our findings are twofold. First, fraudulent accounts sharing the same personal ID would have different access environments, such as devices and IP addresses. Second, a group of fraudulent accounts may have aggregations of devices, IP addresses, and delivery addresses. Based on these observations, we propose a hybrid method termed EnvIT to detect financial identity theft based on the heterogeneous graph and the behavior sequence. EnvIT is able to characterize the access environment and the historical behavior of the accounts. Furthermore, an attentive module is adopted to assign weights to different features automatically. We further evaluate EnvIT via extensive experiments using a real-world dataset from Meituan. Our experimental results demonstrate that EnvIt outperforms several baseline methods in fraudulent account detection and achieves an AUC of 0.9210.

Xiao Zhang,Yutong Meng

DOI: https://doi.org/10.1038/s41598-024-68315-9

IF: 4.6

2024-08-02

Scientific Reports

Abstract:Internal employees have always been at the core of organizational security management challenges. Once an employee exhibits behaviors that threaten the organization, the resulting damage can be profound. Therefore, analyzing reasonably stored behavioral data can equip managers with effective threat monitoring and warning solutions. Through data-mining, a knowledge graph for internal threat data is deduced, and models for detecting anomalous behaviors and predicting resignations are developed. Initially, data-mining is employed to model the knowledge ontology of internal threats and construct the knowledge graph; subsequently, using the behavioral characteristics, the BP neural network is optimized with the Sparrow Search Algorithm (SSA), establishing a detection model for anomalous behaviors (SBP); additionally, behavioral sequences are processed through data feature vectorization. Utilizing SBP, the LSTM network is further optimized, creating a predictive model for employee behaviors (SLSTM); ultimately, SBP detects anomalous behaviors, while SLSTM predicts resignation intentions, thus enhancing detection strategies for at-risk employees. The integration of these models forms a comprehensive threat detection technology within the organization. The efficacy and practicality of detecting anomalous behaviors and predicting resignations using SBP and SLSTM are demonstrated, comparing them with other algorithms and analyzing potential causes of misjudgment. This work has enhanced the detection efficiency and update speed of abnormal employee behaviors, lowered the misjudgment rate, and significantly mitigated the impact of internal threats on the organization.

multidisciplinary sciences

Meng Li,Xianzhong Zhou,Yingying Zhu

DOI: https://doi.org/10.1109/csie.2009.881

2009-01-01

Abstract:Software defect impacts software trustworthiness, which is considered as the main reason of the failure of software system. However, it was inadequate to study why defect was introduced. Meanwhile, the information that the stakeholders had recorded the reasons of software defect were diverse and subjective. Hence, The paper contributes a new perspective to analyze the reason of software defect. We proposes an ontology-based identification framework to seek and identify distrustable factors. This paper takes an example to seek and identify the distrustable factors by the principles. We specify them in each stage of software life cycle; moreover, describe the relationships among distrustable factors with definitions. The last, we try to develop an ontology based identification framework of distrustable factors for presenting hierarchy of these factors.

Ming Yang,Rong Jiang,Jia Wang,Bin Gui,Leijin Long

DOI: https://doi.org/10.1038/s41598-024-81624-3

IF: 4.6

2024-12-05

Scientific Reports

Abstract:In the era of cloud service popularization, the trustworthiness of service is particularly important. If users cannot prevent the potential trustworthiness problem of the service during long-term use, once the trustworthiness problem occurs, it will cause significant losses. In order to objectively assess the cloud service trustworthiness, and predict its change, this paper establishes a special hierarchical model of cloud service trustworthiness attributes. This paper proposes corresponding management countermeasures around the model, defines the cloud service trustworthiness level, defines the cloud service trusted state based on fuzzy entropy and Markov chain, constructs the membership function of the cloud service trusted state, and realizes the assessment of cloud service trustworthiness and its changes according to the prediction method of Markov chain. Through case analysis and method comparison, it shows that the method proposed in this paper is effective and feasible. This method can provide objective and comprehensive assessment data for the cloud service trustworthiness and its change, makes up the deficiency of fuzzy entropy assessment method. This research has important reference value and significance for the research of cloud service trustworthiness assessment.

multidisciplinary sciences

XIAO Xi,ZHAI Qi-bin,TIAN Xin-guang,CHEN Xiao-juan

DOI: https://doi.org/10.3969/j.issn.1002-137x.2011.11.012

2011-01-01

Computer Science

Abstract:This paper presented a novel method for anomaly detection of user behavior based on the discrete-time Mar-kov chain model,which is applicable to intrusion detection systems using shell commands as audit data.In the training period,the uncertainty of the user's behavior and the relevance of the operation of shell commands in short time were fully considered.This method takes the sequences of shell commands as the basic processing units.It merges the sequences into sets in terms of their ordered frequencies and then constructs states of the Markov chain on the merged results.Therefore this method increases the accuracy of describing the normal behavior profile and the adaptability to the variations of the user's behavior and sharply reduces the number of states and the required storage space.In the detection stage,considering the real-time performance and the accuracy requirement of the detection system,it analyzes the anomaly degree of the user's behavior by computing the occurrence probabilities of the state sequences,and then provides two schemes,based on the probability stream filtered with single window or multi-windows,to classify the user's behavior.The results of our experiments show that this method can achieve higher detection performance and practicability than others.

Zheng Li,Kun Liu

DOI: https://doi.org/10.1007/978-3-030-31967-0_5

2019-09-21

Abstract:Internal threat is an important issue for the information systems of an organization. To deal with this problem, organizations often formulate regulations and rules to regulate the behavior of employees and prevent them from causing production risks. However, how to effectively detect violations of the rules in the production process is challenging. In this paper, we propose an event based internal threat detection method. Firstly, we establish a detection model for regulation violation by representing rules and regulations as complex events and design a rule engine to detect if these complex events occur and discover the violations of rules. Then the logs generated during product are used for activating the rule reasoning. Finally, the rule violation will be reported to the supervisor for further investigation. The experiment on the real production processes shows the method is effective and efficient to detect internal threats and can be used at major production sites.

Betty Chang,Chin Kuo,Chih-Hung Wu,Gwo-Hshiung Tzeng

DOI: https://doi.org/10.1016/j.asoc.2014.11.025

IF: 8.7

2015-03-01

Applied Soft Computing

Abstract:The aim of this paper was to evaluate the risk level for both intra-organizational cultures and for different industries in implementing an enterprise resource planning (ERP) system. This study adopts the Fuzzy Analytic Network Process (FANP) method to assess ERP implementation risks, which were categorized into four dimensions: management and execution, software system, users, and technology planning. An empirical survey was conducted that utilized the collected survey data of 20 ERP experts in Taiwan to assess, rank, and improve the critical risks of ERP implementation via the FANP method. Based on the results of the FANP method, a follow-up survey of ERP end-users in different departments of three industries was conducted to assess how intra-organizational cultures and cross-industries affect users’ perceived risks a real world scenario. Our research results demonstrated that “lack of management support and assistance” is vital risk for a successful ERP implementation. Top management support and involvement are crucial and essential factors to the success of a firm's ERP implementation. “Ineffective communication with users” was found to be the second highest risk factor. The benefits of using the FANP method for evaluating the risk factors come from the clear priority weights between alternatives. Finally, this study provides suggestions to help enterprises decrease ERP risks, and enhance the chances of success of ERP implementations among intra-organizational cultures and across-industries.

computer science, artificial intelligence, interdisciplinary applications

Yingli Wang

DOI: https://doi.org/10.1016/j.compeleceng.2024.109110

IF: 4.152

2024-02-12

Computers & Electrical Engineering

Abstract:This paper presents an effective and accurate method to analyze the network traffic risk of enterprise public cloud financial system by using deep learning algorithm. To build the analytical model, the collected data is preprocessed to extract relevant features that contribute to risk analysis. The pre-processed data is used to train the deep learning model. The model is designed to learn patterns and relationships in network traffic data. The network traffic risk analysis module is constructed by combining the deep learning model with the system architecture of the enterprise public cloud financial system. Through a trained deep learning model, the module is able to accurately identify abnormal behavior in network traffic and provide corresponding risk assessments. The results show that the proposed system module can accurately identify abnormal behavior in network traffic and provide risk assessment.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Ashish Kamra,Evimaria Terzi,Elisa Bertino

DOI: https://doi.org/10.1007/s00778-007-0051-4

2007-05-17

The VLDB Journal

Abstract:A considerable effort has been recently devoted to the development of Database Management Systems (DBMS) which guarantee high assurance and security. An important component of any strong security solution is represented by Intrusion Detection (ID) techniques, able to detect anomalous behavior of applications and users. To date, however, there have been few ID mechanisms proposed which are specifically tailored to function within the DBMS. In this paper, we propose such a mechanism. Our approach is based on mining SQL queries stored in database audit log files. The result of the mining process is used to form profiles that can model normal database access behavior and identify intruders. We consider two different scenarios while addressing the problem. In the first case, we assume that the database has a Role Based Access Control (RBAC) model in place. Under a RBAC system permissions are associated with roles, grouping several users, rather than with single users. Our ID system is able to determine role intruders, that is, individuals while holding a specific role, behave differently than expected. An important advantage of providing an ID technique specifically tailored to RBAC databases is that it can help in protecting against insider threats. Furthermore, the existence of roles makes our approach usable even for databases with large user population. In the second scenario, we assume that there are no roles associated with users of the database. In this case, we look directly at the behavior of the users. We employ clustering algorithms to form concise profiles representing normal user behavior. For detection, we either use these clustered profiles as the roles or employ outlier detection techniques to identify behavior that deviates from the profiles. Our preliminary experimental evaluation on both real and synthetic database traces shows that our methods work well in practical situations.

computer science, information systems, hardware & architecture

Jianghui Liu,Qiuyi Chen,Yuexing Qiu

DOI: https://doi.org/10.3233/faia200720

2020-11-09

Abstract:With the popularization of informatization, most companies have their own information management systems. However, faced with massive amounts of data, most companies cannot integrate and utilize its potential value. When traditional companies make sales forecasts, they usually purchase data completion, connect multiple data source channels, and then judge the future sales situation perceptually. This lack of data accumulation and analysis, and it is impossible to display the intrinsic value of the massive data in the system. Some companies will also build professional data analysis teams or seek help from third-party companies. But this will cause high expenses and greatly reduce sales expenses. This study combines artificial intelligence technology with ERP sales management system. We apply artificial intelligence, machine learning, cloud computing to the design and construction of intelligent ERP sales management system. It solves the core problems of enterprise product sales through the deep learning function of the sales system. It may predict enterprise sales and rationally allocate enterprise resources, increase product sales effectively, and help enterprises build effective modern management systems.

Jia Shao,Kin Keung Lai,Pei Zheng,Guicai Zhang,Yi Qin,Wenfeng Lu

DOI: https://doi.org/10.1155/2022/7668276

2022-10-15

Mobile Information Systems

Abstract:Present-day enterprise accounting solutions have been developed to a certain extent to provide authenticity of accounting information and to provide modules for billing, pay role, general ledger, and more, but they come with certain problems such as distortion of accounting information, incomplete selection of indicator variables, and the limited and single use of identification methods. Based on this, this study starts with two points. The first is to give the concepts of decision trees and support vector machine (SVM) in data mining. Then, the accounting distortion information identification model is constructed based on this, and the model effect is verified by setting experiments. The second is to establish a regression model on the relationship between enterprise strategy and accounting information quality to further explore the factors that affect the quality of enterprise accounting information. The following are the research results: (1) The accuracy rates of classification and identification of training set data, overall data, and test set data using the SVM-based identification model are 99.19%, 96.21%, and 94.8%, respectively. (2) The average identification rate of the sample data is 88.5% using the identification model based on the decision tree. (3) The regression coefficients of enterprise strategy and accounting information quality are −0.053 and −0.054, respectively without considering the industry and year variables and with considering the industry and year variables, both of which are negative at the 0.1 significance level. The purpose of this study is to use data mining to achieve high-quality identification of enterprise accounting information and provide some references for enterprises to choose or formulate relevant development strategies.

computer science, information systems,telecommunications

Zhaoli Liu,Xiaohong Guan,Shancang Li,Tao Qin,Chao He

DOI: https://doi.org/10.1109/access.2018.2882812

IF: 3.9

2018-01-01

IEEE Access

Abstract:The widespread use of social media, cloud computing, and Internet of Things generates massive behavior data recorded by system logs, and how to utilize these data to improve the stability and security of these systems becomes more and more difficult due to the increasing number of users and amount of data. In this paper, we propose a novel model named behavior rhythm (BR) to characterize and visualize the user's behaviors from the massive logs and apply it to the system security management. Based on the BR model, we conduct the clustering analysis to mine the user clusters. Different management and access control policies can be applied to different clusters to improve the management efficiency. Then, we apply the non-negative matrix factorization method to analyze the BRs and perform abnormal detection, and employ the BR similarity calculation to perform fast potential anomaly tracking. The detection and tracing results can help the administrators to control the threats efficiently. Experimental results based on the datasets collected from the campus network center of Xi'an Jiaotong University verify the accuracy and efficiency of our method in user behavior profiling and security management, which lay a solid foundation for improving system stability and quality of service.

Wenzhe Zhang,Chuyang Zeng,Yang Cao,Zuming Qin,Haiguang Chen

DOI: https://doi.org/10.1088/1742-6596/2246/1/012082

2022-04-01

Journal of Physics: Conference Series

Abstract:Abstract Aiming at the poor detection performance of user abnormal login behavior in the complex environment of industrial control system, a new method based on multi-dimensional probability analysis is proposed. First of all, login time, source, destination and other login parameters are collected. Secondly, the abnormal probability of login parameters is calculated. Thirdly, the login transfer probability among multiple destination hosts is calculated. Finally, through the comprehensive analysis of the above three probabilities, an abnormal login behavior detection model based on multi-dimensional probability analysis is constructed. Experiments show that this method can effectively identify the abnormal login behavior of users caused by various types of network attacks.